The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.
FDIC ISSUES POLICY STATEMENT URGING BANKS TO OBTAIN ANNUAL INDEPENDENT EXTERNAL AUDIT The Board of Directors of the Federal Deposit Insurance Corporation adopted a new policy statement that strongly encourages all state nonmember banks to adopt an annual independent policy today external auditing program. The final statement, proposed by the agency on April 13, 1988, also suggests that all state nonmember banks establish an audit committee composed entirely of outside directors. In issuing the policy statement, the FDIC auditing that a problems in lessens the a bank will go undetected. risk internal that potentially The FDIC Board stated: large number of financial institutions experiencing financial a strong function, combined with an annual external auditing program performed by an independent auditor, substantially serious noted "The difficulties as result of fraud, insider abuse and mismanagement in recent years has made an external auditing program even more important." Under the new policy statement, the FDIC: o recommends that annual external either independent auditing programs be performed by public accountants or other qualified independent parties; o notes an that annual generally although an external audit is not mandatory, a bank with independent be considered audit of its to have a financial statements would satisfactory external auditing program; (more) FEDERAL DEPOSIT INSURANCE CORPORATION, 550 Seventeenth St., N.W., Washington, D.C. 20429 • 202-898-6996 - o suggests that 2 - banks send copies of external auditors’ reports to the appropriate FDIC regional office as soon as possible after receipt the report; o and reiterates its expectation outside of audit for at for least newly the insured first banks three to obtain an years after deposit insurance is granted. Additionally, if a bank’s audit committee or board of directors decides pot to have an independent public accountant perform an bank’s financial statements, the pension to use one of the acceptable reasons for the alternatives or annual audit committee’s to have no of the or board’s external auditing program should be documented in its minutes. i p In response to comments, the FDIC’s new policy statement ¡appendix now containing definitions of terms used in the statement. pf the new policy statement is attached. Attachment pistri but ion : Insured Nonmember Banks (Commercial and Mutual) includes an The full text Statement of Policy Regarding Independent External Auditing Programs of State Nonmember Banks 1. In view of its interest in the financial soundness of banks and the banking system, the FDIC believes that a strong internal auditing function combined with a well-planned external auditing program^ substantially lessens the risk that a bank will not detect potentially serious problems. An external auditing program is a set of procedures designed to test and evaluate high risk areas of a bank's business which are performed by an independent; auditor who may or may not be a public accountant. The failure to detect and correct potentially serious problems increases the risk a bank poses to the FDIC1s insurance fund. A strong internal auditing function establishes the proper control environment and promotes accuracy and efficiency in a bank s operations. An external auditing program complements this function by providing an objective outside view of the bank's operations. 2. Regardless of the strength of a bank's internal auditing procedures, the FDIC believes that an external auditing program should be considered by a bank's board of directors as part of the cost of operating a bank in a safe and sound manner. An external auditing program assists the bank's board of directors in safeguarding assets and identifying risks inherent in its operation. In addition, an external auditing program may tend to assist directors in the event of litigation on whether an institution's board has exercised reasonable care in protecting the assets of the bank. Thus, the FDIC urges all state nonmember banks to establish and maintain a sound external auditing program. 3. The FDIC strongly encourages the board of directors of each state nonmember bank to establish an audit committee consisting, if possible, entirely of outside directors. The audit committee or board of directors of^ each state nonmember bank generally should analyze the extent of the external auditing coverage needed by the bank annually. They should determine whether the bank's needs will best be met by an audit of its financial statements or by an acceptable alternative (described in paragraphs 8 and 9 below). When selecting the scope of the planned external auditing program for the year, the committee or board should ensure that the program will provide sufficient substantive external coverage of the bank's risk areas and any other areas of potential concern, such as compliance with applicable laws and regulations. JV Terms defined in Appendix A are underlined the first time they appear in this statement of policy. - 1- If not, additional external auditing procedures conducted by an independent auditor may be appropriate for a specific year or several years to cover particularly high risk areas of the bank. The decisions resulting from these deliberations should be recorded in the committee's or board's minutes. 4. If the audit committee or board of directors of a bank, after due consideration, determines not to engage an Independent public accountant to conduct an annual audit of the bank's financial statements (or whose parent holding company's consolidated financial statements are not audited), the reasons for the committee's or board's conclusion to use one of the acceptable alternatives or to have no external auditing program should be documented in its minutes. In the evaluation, the committee or board generally should consider not only the cost of an annual audit of the bank's financial statements, but also the potential benefits. 5. A review of both a bank's Internal and external auditing programs has been and will continue to be a part of the FDIC's examination procedures. FDIC examiners will review the nature of each bank's external auditing program in conjunction with the risk areas perceived in that particular bank's business and operations, and they will exercise their judgment and discretion in evaluating the adequacy of a bank's external auditing program. Examiners will not automatically comment negatively to the board of directors of a bank with an otherwise satisfactory external auditing program merely because it does not engage an independent public accountant to perform an audit of its financial statements. Audit bv an Independent Public Accountant 6. The FDIC strongly encourages each state nonmember bank to adopt an external auditing program that includes an annual audit of its financial statements by an independent public accountant. A bank that does so would generally be considered to have a satisfactory external auditing program. An external audit of a bank's financial statements benefits management by assisting in the establishment of the accounting and operating policies, internal controls, internal auditing programs, and management information systems necessary to ensure the fair presentation of these statements. An audit also assists boards of directors in fulfilling their fiduciary responsibilities and provides them greater assurance that financial reports are accurate and provide adequate disclosure. 7. An audit of a bank's financial statements performed by the independent public accountant as of a quarter-end date when the Reports of Condition and Income are prepared is preferable and would permit the bank to use the audited financial statements in the preparation and/or subsequent review of those reports. A bank may also find it more cost effective to be audited during accounting firms' less busy periods. The independent public accountant chosen should be experienced in auditing banks and knowledgeable about banking regulations in order to provide the bank with the most effective service. Alternatives to an Audit bv a Public Accountant 8. The FDIC recognizes that a bank's audit committee or board of directors may determine that the external auditing program that will best meet its individual needs for that particular year will be other than an audit of its financial statements by an independent public accountant. The committee or board, after a full review of alternative and/or supplemental approaches for an adequate Independent external auditing program, may decide on a well-planned directors' examination, an independent analysis of internal controls or other areas, a report on the balance sheet, or specified auditing procedures by an independent auditor. If the bank has an outside auditing firm that is simply obtaining confirmations of deposits and loans, for example, the committee or board should normally expand the scope of the auditing work performed to include additional procedures to test the bank's high risk areas. 9. Nonaccounting firms with bank auditing experience and expertise that are independent of the bank are available in some geographic locations. They may provide acceptable directors' examinations, analyses, or specified auditing work at a reasonable cost. In some instances, these firms' services include nonauditing work which enables them to provide suggestions on compliance issues and operational efficiencies. Depending upon the expertise of the firm and the scope of the engagement, these nonaccounting firms may be an appropriate choice for an external auditing program. Newly Insured Banks 10. The FDIC believes that an adequate external auditing program performed by an independent auditor should be an integral part of the safe and sound management of a bank. Thus, applicants for deposit insurance coverage after the effective date of this statement of policy will generally be expected to commit their bank to obtain an audit of their financial statements by an independent public accountant annually for at least the first three years after deposit insurance coverage is g r a n t e d . T h e FDIC may determine on a case-by-case basis that an independent audit of financial statements is unnecessary where an applicant can demonstrate that the benefits derived from Operating non-FDIC insured institutions should also note that the FDIC expects, unless waived in writing by the FDIC, any applicant for insurance with more than $50 million in assets to have an audit of its financial statements prior to submitting an application, and requests that a copy of the auditor's report be Included as part of the application. The FDIC may require such an audit, on a case-by-case basis, for applicants with assets of $50 million or less. Refer to the June 9, 1987 Statement of Policy Regarding Applications for Federal Deposit Insurance by Operating Non-FDIC Insured Institutions, as amended June 24, 1987. such an external audit will be substantially provided by other outside sources, or where the applicant is owned by another company and will undergo an audit performed by an Independent public accounting firm as part of an audit of the consolidated financial statements of its parent company. Notification and Submission of Reports 11. Whether currently or newly Insured, the FDIC requests each state nonmember bank that undergoes any external auditing work, regardless of the scope of the work, to furnish a copy of any reports by the public accountant or other external auditor, including any management letters, to the appropriate FDIC regional office as soon as possible after their receipt by the bank. 12. In addition, the FDIC requests each bank to promptly notify the appropriate FDIC regional office when any public accountant or other external auditor is Initially engaged to perform external auditing procedures and when a change in its accountant or auditor occurs. Holding Company Subsidiaries 13. When the audit committee or board of directors of any state nonmember bank owned by another company (such as a bank holding company) considers its external auditing program, it may find it appropriate to express the scope of its program in terms of the bank's relationship to the consolidated group. No section of this statement of policy is Intended to imply that any state nonmember bank owned by another company is expected to obtain a separate audit of the financial statements of the individual bank. Where the state nonmember bank is directly or indirectly included In the audit of the consolidated financial statements of its parent company performed by an Independent public accounting firm, the state nonmember bank may send one copy of the comparable reports by the public accountant or notification of the change in accountants for the consolidated company to the appropriate regional director. If several banks supervised by the same FDIC regional office are owned by one parent company, a single copy of each report applicable to the consolidated company may be submitted to the regional office on behalf of all of the affiliated banks. Troubled Banks 14. An annual independent external auditing program complements both the FDIC's supervisory process and bank internal auditing programs by further identifying or clarifying Issues of potential concern or exposure. It can also greatly aid management in taking corrective action, particularly when weaknesses are detected 1n internal control or management Information systems. For these reasons, an annual audit of bank financial statements performed by an independent public accounting firm or, If more appropriate, specified auditing procedures will be a condition of future enforcement actions, when deemed necessary, or if it appears that any of the following conditions may exist: (a) internal controls and internal auditing procedures are inadequate; -4- (b) (c) (d) (e) (f) (f) (g) the directorate is generally uninformed 1n the area of Internal controls; there 1s evidence of Insider abuse; there are known or suspected defalcations; there Is known or suspected criminal activity; 1t 1s probable that director liability for losses exists; direct verification Is warranted; and/or questionable transactions with affiliates have occurred. 15. Such an enforcement action may also require that (a) the bank provide to the appropriate FDIC regional office a copy of the auditor's report and any management letter received from the auditor promptly after the completion of any auditing work and that (b) the bank notify the regional office In advance of the time and date of any meeting between management and the auditor at which any auditing findings are to be presented so that a representative of the FDIC may be present 1f the FDIC so chooses. By order of the Board of Directors. day Of November _______ , 1988. Dated at Washington, D.C. this — 16th FEDERAL DEPOSIT INSURANCE CORPORATION Executive Secretary (SEAL) - 5- APPENDIX A DEFINITIONS Audit. An examination of the financial statements, accounting records, and other supporting evidence of a bank performed by an independent certified or licensed public accountant in accordance with generally accepted auditing standards and of sufficient scope to enable the auditor to express an opinion on the bank's financial statements as to their presentation 1n accordance with generally accepted accounting principles (GAAP). Audit Committee. A committee of the board of directors, consisting, if possible, entirely of outside directors. To the extent possible, members of the committee should be knowledgeable about accounting and auditing. They should be responsible for reviewing and approving the bank's internal and external auditing programs or recommending adoption of these programs to the full board. Both the internal auditor and the external auditor should have unrestricted access to the audit committee without the need for any prior management knowledge or approval. Other duties of the audit committee should include reviewing the independence of the external auditor annually, being consulted by management when it seeks a second opinion on an accounting issue, overseeing the quarterly regulatory reporting process, and reporting its findings periodically to the full board of directors. Directors' Examination. A review by an independent third party that has been authorized by the bank's board of directors and is performed 1n accordance with the board's analysis of potential risk areas. Certain procedures may also be required as a result of state law. A directors' examination consisting solely of such procedures as cash counts and confirmations of loans and deposits would not normally be considered a well-planned directors' examination. (Sometimes directors' examinations are similar to so-called "engagement audits" or "operational audits." Nevertheless, no widely accepted national standards exist for the specific procedures that must be performed in directors' examinations or these "audits.") External Auditing Program. high risk areas of a bank's not be a public accountant, an opinion on the financial procedures performed. The performance of procedures to test and evaluate business by an independent auditor, who may or may sufficient for the auditor to be able to express statements or to report on the results of the Financial statements. The statements of financial position, income, cash flows (changes in financial position), and changes 1n shareholders equity together with related notes. Independent. No certified public accountant, public accountant, or other auditor will be recognized as independent who is not in fact independent. (Reference is made to Section 335.604 of the FDIC Rules and Regulations for the complete definition of the term "independent.") - 6- Outside Directors. Members of a bank's board of directors who are not officers, employees, or principal stockholders of the bank, its subsidiaries, or its affiliates, and do not have any material business dealings with the bank, its subsidiaries, or its affiliates. Public Accountant. A certified public accountant or licensed public accountant who is duly registered and in good standing as such under the laws of the place of his/her residence or principal office, who is licensed by the accounting regulatory authority of his/her state, and who possesses a permit to practice public accountancy. Report on the Balance Sheet. An examination of the balance sheet, accounting records, and other supporting evidence performed by an Independent certified or licensed public accountant in accordance with generally accepted auditing standards. Risk Areas. The risk areas are those particular activities of a specific bank that expose the bank to potential losses if problems were to exist and go undetected. The highest risk areas in banks generally include, but are not necessarily limited to, the valuation or collectibility of loans (including the reasonableness of the allowance for loan losses), investments, and repossessed and foreclosed collateral; internal controls; and insider transactions. -7-